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DETAILED ACTION 

1. Claims 1-55 have been examined and are pending. 

Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 1 12: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the subject 
matter which the applicant regards as his invention. 

2. Claims 1, 9, 10, 18, 19, 33, 34, 37, 48 and 52 are rejected under 35 U.S.C. 1 12, second 
paragraph, as being indefinite for failing to particularly point out and distinctly claim the subject 
niatter which applicant regards as the invention. 

Claims 1, 9, 10, 18, 19,33, 34, 37, 48 and 52 recite "communicating via a network 
interface with a host, wherein the commimicating comprises a transport of multi-protocol data 
packets over a point-to-point communications link between the host and the network interface". 
It is not clear whether the act of communicating is taking place "between the host and the 
network interface" or some other entity is commimicating via a network interface with the host. 
That is, if the communication is between the host and the network interface as two end points, 
then who and/or what is communicating via a network interface with a host. For purpose of 
examining, the Examiner assumes that a host is communicating with a network interface using a 
transport of multi-protocol data packets over a point-to-point communications link between the 
host and the network interface. 

Double Patenting 

The nonstatutory double patenting rejection is based on a judicially created doctrine 
grounded in public policy (a policy reflected in the statute) so as to prevent the unjustified or 
improper timewise extension of the "right to exclude" granted by a patent and to prevent possible 
harassment by multiple assignees. See In re Goodman, 1 1 F.3d 1046, 29 USPQ2d 2010 (Fed. 
Cir. 1993); In reLongi, 759 F.2d 887, 225 USPQ 645 (Fed. Cir. 1985); In re Van Ornum, 686 
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F.2d 937, 214 USPQ 761 (CCPA 1982); In re Vogel All F.2d 438, 164 USPQ 619 (CCPA 
1 970); and, In re Thorington, 41 8 F.2d 528, 1 63 USPQ 644 (CCPA 1 969). 

A timely filed teraiinal disclaimer in compliance with 37 CFR 1.321(c) may be used to 
overcome an actual or provisional rejection based on a nonstatutory double patenting ground 
provided the conflicting application or patent is shown to be commonly owned with this 
application. See 37 CFR 1.130(b). 

Effective January 1, 1994, a registered attorney or agent of record may sign a terminal 
disclaimer. A terminal disclaimer signed by the assignee must fiiUy comply with 37 
CFR 3.73(b). 

3. Claims 1-43, 48-49 and 52-55 are rejected under the judicially created doctrine of 
obviousness-type double patenting as being unpatentable over claims 1-39 of U.S. Patent No. 
6,253,327. Although the conflicting claims are not identical, they are not patentably distinct 
firom each other because: 

4. Claims 1-39 and 48-49 of the instant appUcation recite identical limitations as claims 1- 

39 of the US patent No. 6,253,327. The difference being that independent claims 1, 9, 10, 18, 19, 
29, 33 and 48 of the instant application recite (see Claim Comparison Table below): 

communicating via a network interface with a host, wherein said communicating 
comprises a transport of multi-protocol data packets over a point-to-point communication link 
between the host and the network interface. 

Claims 1, 9, 10, 18, 19, 29, and 33 of the US patent No. 6.253,327 recite: 

causing a host to communicate with a network interface using a transport of multi- 
protocol data packets over a point-to-point communication link. 

communicating via a network interface with a host, wherein said communicating 
comprises a transport of multi-protocol data packets over a point-to-point communication link 
between the host and the network interface is read to mean (as stated above under section 35 
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U.S.C. 112 rejection) causing a host to communicate with a networlc interface using a 
transport of multi-protocol data packets over a point-to-point communication link. 

The term "subscriber" recited in claims 1-39 of the patent is considered species of the 
genus "host" recited in claims 1-53 of instant application. Subscriber species of the patent 
anticipates the genus host recited in the instant application. 

Therefore, Claims 1-39 and 48-49 of the instant application are not patentably distinct 
from claims 1-39 of the USP 6;253,327. 

5. Claims 40-41 of the instant application recite identical limitations as claims 29-30 of the 
US Patent No. 6,253,327. The difference being that claim 40 of the instant application recites "A 
gateway". . "having access to a first domain and a second domain, "a multi protocol point-to- 
point link device" and an authentication processor " while claim 29 of the patent recites "An 

apparatus" "having the capacity to create same-session open channel to a first domain and a 

second domain", "means foe causing a subscriber's host to communicate with a network 
interface using a transport of multi-protocol data packets over a point-to-point link", and "means 
for authorizing said subscriber to access said first domain and said second". That is, the 
Apparatus comprising the means recited in the patent performs identical functions as the gateway 
of the patent comprising a multi protocol point-to-point device and an authentication processor 
for authorizing said subscriber (host) to access said first domain and said second domain based 
upon login information obtained from said subscriber (host). The preamble of the patent reciting 
"An apparatus" .... "having the capacity to create same-session open channels to a first domain 
and a second domain" anticipates "A gateway" .. .."having access to a first domain and a second 
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domain". Therefore, Claims 40-41 of the instant application are not patentably distinct from 
claims 29-30 of the US Patent No. 6,253,327. 

6. Claims 42-43 of the instant application substantially recite limitations of claims 29-30 of 
the US Patent No. 6,253,327. The difference being that claim 42 of the instant application recites 
"An apparatus". ... "having access to a first domain and a second domain, "a multi protocol 
point-to-point link device", "a source address device in communication with the host for 
negotiating a dynamic Internet Protocol address", and "an authentication processor " while claim 

29 of the patent recite "An apparatus" "having the capacity to create same-session open 

channel to a first domain and a second domain", "means foe causing a subscriber's host to 
communicate with a network interface using a transport of multi-protocol data packets over a 
point-to-point link", "means for identifying a source address for a subscriber", and "means for 
authorizing said subscriber to access said first domain and said second". That is, while the 
Apparatus comprising the means recited in the patent and the apparatus comprising devices and 
an authentication processor recited in the instant appUcation are not identical, but the apparatus 
of the instant application is an obvious variation of the patent apparatus and they are not 
patentably distinct from each other. 

Claims 52-55 of instant application recites a program storage device readable by 
machine, tangibly embodying a program of instructions executable by the machine to perform 
the method claims 19-20 and 26-27 which recite identical limitations as claims 19-20 and 26-27 
of the US Patent No. 6,253,327. 

A program storage device as claimed in application claim 52 has one and only one practical 
application. This program storage device readable by machine, tangibly embodying a program of 
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instructions executable by the machine is useful only in that it operates a programmable 
computer to perform a series of acts that constitutes steps of a method that is identical to the 
already claimed method of patent method claim 19. Thus, whenever this program storage is used 
as intended (the only practical use for the program storage device), the method prescribed by 
patent method claim 19 will be performed. Therefore, when the application program storage 
device of claim 52 is considered as a whole, including its only practical (useful) effect, the 
method of the US patent claim 19 covers the effective subject matter that practically must flow 
from the recited subject matter of the application program storage device of claim 52. Therefore, 
claims 52-55 of the instant application and claims 19-20 and 26-27 of the US Patent No. 
6,253,327 are not patentably distinct. 

Therefore, claims 1-39 of the US Patent No. 6,253,327 and claims 1-43 and 48-49 and 
52-55 of the instant appUcant are not patentably distinct and claims 1-43, 48-49 and 52-55 of the 
instant application are obvious over claims 1-39 of the US Patent No. 6,253,327. 



Claim-Comparison Table 



Claim 


Application No. 


Claim 


Patent 


NO. 


10/074307 


No. 


US 6,253,327 


1 


A method for single-step subscriber logon to 


1 


A method for single-step subscriber logon 




a differentiated data conmiunications 




to a differentiated data communications 




network including a first domain and a 




network including a first domain and a 




second domain, said method 




second domain, said method comprising: 




comprising: 








communicating via a network interface 




causing a host to communicate with a 
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with a host, wherein said communicating 
comprises a transport of multi-protocol data 
packets over a point-to-point 
communication link between 
the host and the network interface; 

identifying a source address for [a] the 
host; and 

aumonzmg ine nosi lo access saia nrsi 
domain and said second domain based upon 
login information obtained from the host. 




network interface using a transport of 
multi-protocol data packets over a point-to- 
point communication link; 

identifying a source address for the 
host; and 

aUiiiunzing ulc nuoi lu aCLCss ooiu iirbi 
domain and said second domain based upon 
login information obtained from said 
subscriber. 


L 


i ne meuiou oi ciaun i luruier compnsmg. 
authenticating said subscriber based upon 
login information obtained from the host. 


L 


i ne iiiciilou OI daiiii i lunncr wonipnsing. 

authenticating said subscriber based upon 
login information obtained from said 


3 


The method of claim 2 wherein said 
authenticating is accomplished using Link 


3 


The method of claim 2 wherein said 
authenticating is accomplished using Link 


4 


The method of claim 1 wherein said 
identifying is accomplished using Intemet 
Protocol Control Protocol (IPCP). 


4 


The method of claim 1 wherein ^aiH 

1.11V lllwUlV/U V/X VlClllll X WllwlWlll ocuu 

identifying is accomplished using Intemet 
Protocol Control Protocol (IPCP). 


5 


The method of claim 1 wherein said 


5 


The method of claim 1 wherein said 
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lacniiiying lurLiier compnsws. 

assigning an Internet Protocol address to 
the host from a pool of addresses located in 

a memory. 




lueniiiying luruicr L/Uiiipris>cs>* 

assigning an Intemet Protocol address to 
said subscriber from a pool of addresses 
located in memory. 


6 


The method of claim 1 wherein said 
identifying further comprises: 

assigmng an iniemei jrioiucoi auuress lu 
the host from an authentication reply packet 
received from an authentication server. 


6 


The method of claim 1 wherein said 
identifying ftirther comprises: 

aSoigmng dil iiiicmwi ir ruiuLui auuivob lu 
said subscriber from an authentication 
reply packet received from an 

QiTf"ViA"n1"ir*ci'f"ir\'n c^nr^f 
aUlIlCIlllL'aliUIl oCIVCX. 


7 


The method of claim 1 wherein said 
communicating is accomplished using 
Point-to-Point Protocol (PPP). 


7 


The method of claim 1 wherein said causing 
is accompUshed using Point-to-Point 
Protocol (PPP). 


O 
O 


1 ne memoQ oi ciaim i wnerein saia 
authorizing fiirther comprises: 

writing said login information into a 
memory. 


O 

o 


1 nc mcuioa oi cioim i wncrem sdia 
authorizing further comprises: 
writing said login information into a 
memory. 


9 


A method for single-step subscriber logon to 

network including a first domain and a 
second domain, said method comprising: 
authenticating in a network interface a 


9 


A method for single-step subscriber logon 

to Hi fTprPTiti a tpH Hfitn rnrnmiinipatinnc 

IV/ CL Vili.i.Wl wllllClv&ll Vidl-Cl VV/lilXliUXilV/allV/ilO 

network including a first domain and a 
second domain, said method comprising: 
authenticating a subscriber based upon 
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host based upon login information obtained 




login information obtained from said 




from the host; 




subscriber; 




communicating via the network 




causing the subscriber's host to 




interface with the host, wherein said 




communicate with a network interface 




communicating comprises a transport of 




using a transport of multi-protocol data 




multi-protocol data packets over a point-to- 




packets over a point-to-point link; 




point link existing between the host and 








tlie network interface; 








identifying a source address for the host; 




identifying a soxurce address for said 




writing said login information into a 




subscriber; 




memory; and 




writing said login information into a 
memory; and 




authorizing the host to access said first 
domain and said second domain based upon 
said login information. 




authorizing said subscriber to access 
said first domain and said second 
domain based upon said login information 
obtained from said subscriber. 


10 


A method for single-step subscriber logon to 
a differentiated data communication 
network including same-session access 

domain, said method comprising:. 

communicating via a network interface 
with a host wherein said communicating 


10 


A method for single-step subscriber logon 
to a differentiated data communication 
network including same-session access 

L/opauiilllCo ISJ a 11151 UUllldlll oXiU. a oCdJllU 

domain, said method comprising: 
causing the subscriber's host to 
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comprises a transport of multi-protocol data 
packets over a point-to-point, 
communication link between the host and 
the network interface; 




communicate with a network interface 
using a transport of multi-protocol data 
packets over a point-tp-point 
communication link; 




identifying a source address for the host; 
and 

auinonzmg ine nosi lo access saiu nrsi 
domain and said second domain based upon 
login information obtained from the host. 




identifying a source address for a 
subscriber; and 

auinonzmg saia suDScriDer 10 access saia 
first domain and said second domain based 
upon login information obtained from said 
subscriber. 


1 1 
1 X 


ine memoQ oi cxaim lu lurxner compnsmg. 

authenticating the host based upon login 
information obtained from the host 


1 1 
1 i 


ine memoa 01 ciami lu lunner compnsmg. 

authenticating said subscriber based 
upon login information obtained from said 

SUDSCriDcFa 


12 


The method of claim 1 1 wherein said 
authenticating is accomplished using Link 

Pontrol Prntnrnl T PP 


12 


The method of claim 1 1 wherein said 
authenticating is accomplished using Link 


13 


The method of claim 1 0 wherein said 
identifying is accomplished using Internet 
Protocol Control Protocol (IPCP). 


13 


The method of claim 10 wherein <5aid 

Ji. AX^r X&X%/l>XXX/Xi» V/X V/X%XXXXX X %r tT XX%^X ^^XXX OCXXVX 

identifying is accomplished using Intemet 
Protocol Control Protocol (IPCP). 


14 


The method of claim 10 wherein said 


14 


The method of claim 10 wherein said 
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luciiiiiying luriiicr wumpridCa. 

assigning an Internet Protocol address to 
the host from a pool of addresses located in 

a memory. 




liiCiiiiiyiiig luiuiwi L/Uxiipi lowo . 

assigning an Internet Protocol address to 
said subscriber from a pool of addresses 

located in a memory. 


15 


The method of claim 10 wherein said 
identifying further comprises: 

assigning an iniwrnci jrroiocoi auurcda lu 
the host from an authentication reply packet 
received from an authentication server. 


15 


The method of claim 10 wherein said 
identifying further comprises: 

aoolglllllg oil llllCrilCl X lUlUL/Ul aUUlCod lU 

said subscriber from an authentication 
reply packet received from an 
authentication server. 




1 ne mcinoQ oi cidun i u wncrcin boiu 
communicating is accomplished using 
Point-to-Point Protocol (PPP). 


lO 


lllC IIlClilUU Ui Ulallll iU WllCXClll aalU. 

causing is accomplished using Point-to- 
Point Protocol (PPP). 


1 7 


inc mcinuu ui vidiiii lu wiiwrciii oaiu 
authorizing fiirther comprises: 

writing said login information into a 
memory. 


1 7 


IIIC illvLilULl UI i./ialiii iU Wild will oalLi 

authorizing further comprises: 

writing said login information into a 
memory. 


18 


A Tnf*th nri for Qincxlp-siten siih<;criher Inpon to 

a differentiated data communication 
network including same-session access 
capabilities to a first domain and a second 


18 

1. u 


A method for ^inffle-ster) suhsctHhpr loaon 
to a differentiated data communication 
network including same-session access 
capabilities to a first domain and a second 
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domain, said method comprising: 




domain, said method comprising: 




authenticating a host based upon login 




authenticating a subscriber based upon 




infomiation obtained from the host; 




login information obtained from said 
subscriber; 




communicating via a network interface 




causing the subscriber's host to 




with the host, wherein said communicating 




communicate with a network interface 




comprises a transport of multi-protocol data 




using a transport of multi-protocol data 




packets over a point-to-point link existing 




packets over a point-to-point link; 




between the host and the network 








interface; 








identifying a source address for the host; 




identifying a source address for said 
subscriber; 




writing said login information into a 




writing said login information into a 




memory; and 




memory; and 




authorizing the host to access said first 




authorizing said subscriber to access 




LLUIIlalll dllU oalii owk/UllU ilUIIlalll UooCU. UpUIl 








said login information. 




based upon login information obtained 
from said subscriber. 


19 


A method for single-step subscriber logon 
of a host to a differentiated data 
communication network having access to a 


19 


A method for single-step subscriber logon 
of a host to a differentiated data 
communication network having access to a 
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first domain and a second domain 




first domain and a second domain 




comprising: 




comprising: 




receiving login information from said 




receiving login information from the 




host; 




subscriber; 




authenticating said host based upon 




authenticating said subscriber based 




said login information; 




upon said login information; 




storing said login information in a 




storing said login information in 




memory; 




memory; 




notifying said host once a successful 




notifying the subscriber's host once a 




authentication process has been completed; 




successful authentication process has been 
completed; 




initiating an address allocation 




setting an address allocation session with 




negotiation session; 




said host; 




assigning a source address to said host; 




assigning a source address to said host; 




communicating via a network interface 




causing said host to communicate with 




with said host, wherein said 




a network interface using a transport, of 




communicating comprises a transport of 




multi-protocol data packets over a point-to- 




multi-protocol data packets over a point-to- 




point link; and 




t^nint linV pvicWno hpf^vppn csiirl hnct* sinH 

L/Uliil lilUV CA.li9l.IIlK LFCi'TrCvll 9<1IU IIMSI' «tUU 








said network interface; and 








writing a subscriber-related entry into the 




writing a subscriber-related entry into 




memory based upon said source address 




memory based upon said source address and 
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and said login information. 




said login information. 


20 


The method of claim 19 wherein said 
authenticating further comprises: 

processing an authentication request 
packet based upon said login information; 

sending said authentication request packet 
to an authentication memory bank; 
dnu 

receiving a reply packet from said 
authentication memory bank. 


20 


The method of claim 19 wherein said 
authenticating further comprises: 

processing an authentication request 
packet based upon said login information; 

sending said authentication request 
packet to an authentication memory bank; 

alLKJ. 

receiving an access accept reply packet 
from said authentication memory bank. 


21 


The method of claim 20 wherein said 
sending further comprises: 

SCnUing balU-aulllwIlllt.>allUIl rcl|UC9l 

packet via a Remote Access Dial-In User 
Service (RADIUS) protocol communication 
link. 


21 


The method of claim 20 wherein said 
sending further comprises: 

oCIlUUlg ooiU aUUlCIlUC^allUXl 1 Cpij pdCKCi 

via a Remote Access Dial-In User Service 
(RADIUS) protocol commxmication link. 


22 


The method of claim [19] 20 wherein said 
writinff fiirther comnri^es* 

writing said subscriber-related entry into 
the memory based upon configuration 
information in said reply packet from said 


22 


The method of claim 19 wherein said 
writing fiirther comnrises* 

writing said subscriber-related entry into 
a memory based upon configuration 
information in said access accept reply 
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aiiiucniicaiion mcniury d^dk* 






23 


The method of claim 19 wherein said login 
infomiation comprises a user name and a 
user authenticator. 


23 


The method of claim 19 wherein said 
subscriber login information includes the 

user name and user authenticator. 


24 


The method of claim 19 wherein said 
receivmg mnner comprises. 

receiving login information using a Link 
Central Protocol (LCP) communication 
link. 


24 


The method of claim 19 wherein said 
receivmg runner comprises. 

receiving login information using a Link 
Central Protocol (LCP) communication 
link. 


25 


The method of claim 19 wherein said 
miiiaimg mnner comprises. 

utilizing an Internet Protocol Control 
Protocol (IPCP) communication link. 


25 


The method of claim 19 wherein said 
semng runner comprises. 

setting an address allocation session 
using an Intemet Protocol Control Protocol 
(IPCP) communication link. 


26 


The method of claim 19 wherein said 
assigning further comprises: 

retrieving a subscriber Internet Protocol 
address from a nool of addresses located in 
the memory. 


26 


The method of claim 19 wherein said 
assigning further comprises: 

retrieving a subscriber Intemet Protocol 

address from a nool of addresses looated in 

S*\Jk MX wiJO XXV/XXX M> LyV/\./X V^X Clvi\XXx/OOwO X\JWCILWU XXX 

memory. 


27 


The method of claim 19 wherein said 
assigning further comprises: 


27 


The method of claim 19 wherein said 
assigning further comprises: 
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retrieving a subscriber Internet Protocol 




retrieving a subscriber Internet Protocol 




address from an access accept reply packet 




address from an access accept reply packet 




received from an authentication server. 




received from an authentication server. 


28 


The method of claim 19 wherein said 


28 


The method of claim 19 wherein said 




cuiiiiiiuxiiLdiiiig lurincr i/uuiprioco. 




f^jniciTicr fiirfTiPT* r*AtTinricpc* 




utilizing a Point-to-Point Protocol session 




causing said host to communicate with 




between said host and said network 




said network interface using a Point-to- 




interface. 




Point Protocol session. 


29 


An apparatus for single step logon of a host 


29 


An apparatus for single step logon of a host 




to a differentiated data communication 




to a differentiated data communication 




network having the capacity to create same- 




network having the capacity to create same- 




session open channels to a first domain and 




session open chaimels to a first domain and 




a second domain, the apparatus comprising: 




a second domain, the apparatus comprising: 




means for communicating via a 




means for causing a subscriber's host 




network interface with a host, wherein 




to communicate with a network interface 




said communicating comprises a transport 




using a transport of multi-protocol data 




of multi-protocol data packets over a point- 




packets over a point-to-point link; 




to-point communication link existing 








between the host and the network 








interface; 








means for identifying a source address for 




means for identifying a source address for 




the host; and 




a subscriber; and 
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means for authorizing the host to access 
said first domain and said second domain 
based upon login information obtained from 
the host. 




means for authorizing said subscriber 

to access said first domain and said second 
domain based upon login information 
obtained from said subscriber. 


30 


The apparatus of claim 29 further 
compnsmg. 

means for authenticating the host based 
upon login information obtained from the 
host. 


30 


The apparatus of claim 29 further 

C/UIIipiioillg. 

means for authenticating said subscriber 
based upon login information obtained from 
said subscriber. 


31 


The apparatus of claim 29 wherein said 
means for communicating further 
comprises: 

means lor conununicdung ueiwewu me 
host and the network interface using a 
Point-to-Point Protocol session . 


31 


The apparatus of claim 29 wherein said 
means for negotiating for the transport of 
multi-protocol data packets further 
comprises: 

mcouo xur cuniinuiiicaiiiig pciwccii oaiu 
host and said network interface using a 
Point-to-Point Protocol session. 


32 


means for authorizing further comprises: 




X lie ALIUalCllUd SJL L/lAilll WiidClIl Oditl 

means for authorizing said subscriber to 
access said first domain and said second 

domain further comprises: 
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means for writing said login information 
into a memory. 




means for writing said login information 
into a memory. 


33 


An apparatus for single-step subscriber 


33 


An apparatus for single-step subscriber 




logon of a host to a differentiated data 




logon of a host to a differentiated data 




communication network having access to a 




communication network having access to a 




first domain and a second domain 




first domain and a second domain 




comprising: 




comprising: 




means for receiving login information 




• 

means for receiving login information 




from said host; 




from the subscriber; 




means for authenticating said host based 




means for authenticating said subscriber 




upon said login 




based upon said login information; 




information; 








means for storing said login information 




means for storing said login information 




in a memory; 




in a memory; 




means for notifying said host once a 




means for notifying the subscriber's host 




successful authentication process has been 




once, a successful authentication process has 




completed; 




been completed; 




mean<5 for inittatinff an addre*5<i allncation 

lJ.lv/CU10 J.V/1 lllltlO'VlH^ CUl CiVX\JJ.wOO CtllV^wCil.l\^ll 




tneans for setting an address al location 

IIIVCUIO d-\JM. OwLllllg CUl Civi Vll VOO CillUV/CUlvfll 




negotiation session; 




session with said host; 




means for assigning a source address to 




means for assigning a source address to 




said host; 




said host; 



Application/Control Number: 10/074,307 
Art Unit: 2131 • 



Page 19 





means for communicating via a 
network interface with said host wherein 
said communicating comprises a transport 
of multi-protocol data packets over a point- 
to-point link existing between said host 
anci saia nerworK mieriace, ano 

means for writing a subscriber-related 
entry into the memory based upon said 
source address and said login information. 




means for causing said host to 
communicate with a network interface 
using a transport of multi-protocol data 
packets over a point-to-point link; and 

means for writing a subscriber-related 
entry into memory based upon said source 
address and said login information. 


34 


A program storage device readable by a 
machine, tangibly embodying a program of 
instructions executable by the machine to 
perform a method for single-step 
subscriber logon to a differentiated data 
commimications network including a first 
domain and a second domain, said method 
comprising: 

communicating via a network 

inl'Pi*rsipp wil'h fM hnci* wliPT*piri QfiiH 

IIliCIKIVC TTII'U H lMV9%y Wllvlwill oaiU 

communicating comprises a transport of 
multi-protocol data packets over a point-to- 
point communication link between the host 


34 


A program storage device readable by a 
machine, tangibly embodying a program of 
instructions executable by the machine to 
perform a method for single-step subscriber 
logon to a differentiated data 
communications network including a first 
domain and a second domain, said method 
comprising: 

causing the host to communicate with 

4m. UClTTtJllV IUt.Cl 1<1^C USIIIg a lioiidUUiL Ul 

multi-protocol data packets over a point-to- 
point communication link; 
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and the network interface; 

identifying a source address for the host; 
and 

dUlIlUO/:«lIl^ IIIC llUdl lU aCCCoo oalU llioL 

domain and said second domain based upon 
login information obtained from the host. 




identifying a source address for a host; 
and 

jjiifVinriyina Q^iiH Vir*Qt fa j^pppqq Qi^iH fir<jt 

domain and said second domain based upon 
login information obtained from said 
subscriber. 


35 


The program storage device of claim 34 
wherein said method further comprises: 

authenticating the host based upon login 
information obtained from the host. 


35 


The program storage device of claim 34 
wherein said method further comprises: 

authenticating said subscriber based 
upon login information obtained from said 
subscriber. 


36 


The program storage device of claim 34 

ixAVip'T'p'i'ti csiiH 5iiitlir4in'7i'no' ■fiiTtliPi' 
Wliviwili ocUU all lliUl 1^111^ lui liivi 

comprises: 

writing said login information into a 
memory. 


36 


The program storage device of claim 34 

Avliprpin Q5iiH JuitVinnTincT ■fiit+Vipr pnirrnricpc* 

Wild will OcllVX aUlllUllZilii^ ILUlllWi L/wlllL/IlavO. 

writing said login information into a 
memory. 


37 


A nroffram storage device readable bv a 
machine, tangibly embodying a program of 
instructions executable by the machine to 
perform a method for single-step 


37 


A nroffram storaee device readable bv a 
machine, tangibly embodying a program of 
instructions executable by the machine to 
perform a method for single-step subscriber 
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subscriber logon to a differentiated data 




logon to a differentiated data 




communication network including secure 




communication network including secure 




simultaneous access capabilities to a first 




simultaneous access capabilities to a first 




domain and a second domain, said method 




domain and a second domain, said method 




comprising: 




comprising: 




communicating via a network interface 




causing the subscriber's host to 




with a host wherein said communicating 




communicate with a network interface 




comprises a transport of multi-protocol data 




using a transport of multi-protocol data 




packets over a point-to-point 




packets over a point-to-point 




communication link between the host and 




communication link; 




the network interface; 








identifying a source address for the host; 




identifying a source address for a 




and 




subscriber; and 




auinonzing uie nosi lo access saia nrsi 




aumonzmg saiQ suoscnoer lo access saia 




domain and said 




first domain and said second domain based 




second domain based upon login 




upon login information obtained from said 




information obtained from the host. 




subscriber. 


38 


The program storage device of claim 37 


38 


The program storage device of claim 37 












authenticating the host based upon login 




authenticating said subscriber based 




information obtained from the host. 




upon login information obtained from said 








subscriber 
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6y 


ine program storage device oi ciaini j / 




1 ne program sioragc oevice oi ciaim d i 




wherein said method further comprises: 




wherein said method fiirther comprises: 




writing said login information into a 




writing said login information into a 




memory. 




memory. 


40 


A gateway for single-step subscriber logon 


29 


An apparatus for single step logon of a 




of a host to a differentiated data 




host to a differentiated data communication 




communication network having access to a 




network having the capacity to create 




furst domain and a second domain, the 




same-session open channels to a first 




gateway comprising: 




domain and a second domain, the 








apparatus comprising: 




a multi-protocol point-to-point link 




means for causing a subscriber's host to 




device for establishing a commimication 




commimicate with a network interface 




link for the transport of multi-protocol data 




using a transport of multi-protocol data 




packets between the host and the gateway; 




packets over a point-to-point link; 




a source address device for obtaining a 




means for identifying a source address 




source address for the host; and 




for a subscriber; and 




n ■« A ^Im AN ^« An #>M v%**AAAdOA** 

an auioenncauon processor lor 




means tor aumonzmg saia suDScnoer lo 




authorizing the host to access the first 




access said first domain and said second 




Hnmjiin !4nH tVif* Qf^rnnH Hnmain HjiqpH iinnti 




dnmain ha<;ed iiTinti lopin infnrmfltinn 

VtV/lllCilli. l/dOwVi UL/V^ll IVglU l.J.lXv/1 lllvli>lwi J. 




login information obtained fi^om the host. 




obtained from said subscriber. 


41 


The gateway as defined in claim 40, 


30 


The apparatus of claim 29 further 








comprising: 
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wherein the authentication processor 
authenticates the host based upon the 
login information. 




means for authenticating said 
subscriber based upon login information 
obtained from said subscriber. 


42 


An apparatus for single-step subscriber 


29 


An apparatus for single step logon of a host 




logon of a host to a differentiated data 




to a differentiated data communication 




communication network having access to a 




network having the capacity to create 




first domain and a second domain, 




same-session open channels to a first 




the apparatus comprising: 




domain and a second domain, the 








apparatus comprising: 




a multi-protocol point-to-point link 




means for causing a subscriber's host to 




device in communication with the 




communicate with a network interface 




host for establishing a communication link; 




using a transport of multi-protocol data 








packets over a point-to-point link; 




a source address device in 




means for identifying a source address 




communication with the host for 




for a subscriber; and 




negotiating a dynamic Internet Protocol 








address; and 








AU alllOcDULallUQ piUCCssUr lUi 




UlC<tll9 lUl aUlIlUriZillg balU aUDoL'riOwr lU 




authorizing the host to access the first 




access said first domain and said second 




domain and the second domain based upon 




domain based upon login information 




loin information obtained fi^om the host. 




obtained fi-om said subscriber. 


43 


The apparatus as defined in claim 42, 


30 


The apparatus of claim 29 fiirther 
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cumpridiiig . 




wherein the authentication processor 




means for authenticating said 




receives the login information from the 




subscriber based upon login information 




host and authenticates the host. 




obtained from said subscriber. 


48 


An apparatus for single-step subscriber 


29 


An apparatus for single step logon of a host 




logon to a differentiated data 




to a differentiated data communication 




communications network including a first 




network having the capacity to create 




domain and a second domain, the 




same-session open channels to a first 




apparatus comprising: 




domain and a second domain, the apparatus 








comprising: 




means for communicating via a 




means for causing a subscriber's host 




network interface with a host, wherein 




to communicate with a network interface 




the communicating comprises a transport 




using a transport of multi-protocol data 




of multi-protocol data packets over a 




packets over a point-to-point link; 




point-to-point communication link between 








the host and the network interface; 








means for identifying a source address for 




means for identifying a source address 




the host; and 




for a subscriber; and 




tnP5inQ finr fliitVinrrziriO" tViP* HnQt tn jipppqc 








the first domain and the second domain 




access said first domain and said second 




based upon login infomiation obtained fi-om 




domain based upon login information 




the host. 




obtained firom said subscriber. 
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49 


The apparatus as defined in claim 48, 


30 


The apparatus of claim 29 further 




lunncr compnsing. 








means for authenticating the host based 




means for authenticating said subscriber 




upon login information obtained from the 




based upon login information obtained from 




host 




said subscriber. 


52 


A program storage device readable by a 


19 






machine, tangibly embodying a 








program of instructions executable by the 








machine to perform a method for 




A method for single-step subscriber logon 




single-step subscriber logon of a host to a 




of a host to a differentiated data 




differentiated data communication network 




communication network having access to a 




having access to a first domain and a second 




first domain and a second domain 




domain, the method comprising: 




comprising: 




receiving login inforaiation from the host; 




receiving login information from the 








subscriber; 




authenticating the host based upon the 




authenticating said subscriber based 




login information; 




upon said login information; 




storing the login information in a memory; 




storing said login information in memory; 




notifVinff the ho55t once a successful 




notifvinff the subscriber's host once a 




authentication process has been 




successful authentication process has been 




completed; 




completed; 




initiating an address allocation 




setting an address allocation session with 
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negotiation session; 

assigning a source address to the host; 

communicating via a network interface 
with the host, wherein the communicating 
comprises a transport of multi-protocol data 
packets over a point-to-point link existing 
between the host and the network interface; 
and 

writing a subscriber-related entry into the 
memory based upon the source address and 
the login information. 




said host; 

assigning a source address to said host; 

causing said host to communicate with 
a network interface using a transport of 
multi-protocol data packets over a point-to- 
point link; and 

writing a subscriber-related entry into 
memory based upon said source address and 
said login information. 


53 


The program storage device as defined in 
claim 52, wherein the authenticating fiirther 
comprises:^ 

processing an authentication request 
packet based upon the login information; 

sending the authentication request packet 
to an auuientication memory oanK, 

Oliii 

receiving a reply packet fi"om the 
authentication memory bank. 


20 


The method of claim 19, wherein said 
authenticating fiirther comprises: 

processing an authentication request 
packet based upon said login information; 

sending said authentication request 
pacKei lo an auuieniicauon memory oanK, 

CUiU 

receiving an access accept reply packet 
fi-om said authentication memory bank. 


54 


The program storage device as defined in 


26 


The method of claim 19, wherein said 
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claim 52, wherein the assigning 
nuTJier conipnses. 

retrieving a subscriber Internet Protocol 
address from a pool of addresses located in 
the memory. 




assigning fiuther comprises: 

retrieving a subscriber Internet Protocol 
address from a pool of addresses located in 
memory. 


55 


The program storage device as defined in 
claim 52, wherein the assigning further 

(./Ullipr IdCp . 

retrieving a subscriber Internet Protocol 
address from an access accept reply packet 
received from an authentication server. 


27 


The method of claim 19 wherein said 
assigning further comprises: 

retrieving a subscriber Intemet Protocol 
address from an access accept reply packet 
received from an authentication server. 



Allowable Subject Matter 
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